Triple DES (3DES)

3DES is a quite popular symmetric block cipher based on the DES cipher. It was presented in 1998 and is described in the ANS X9.52 standard. It is also called the Triple Data Encryption Algorithm (TDEA).

Block cipher with symmetric secret key

Block length = 64 bits

Key length = 56, 112, or 168 bits

3DES was developed because DES encryption, invented in the early 1970s and protected by a 56-bit key, turned out to be too weak and easy to break using the modern computers of that time. The effective security that 3DES provides is 112 bits when an attacker uses meet-in-the-middle attacks.

For several years, Triple DES was often used for electronic payments (for example, in the EMV standard). New protocols based on the cipher are still being created and maintained (as of 2016). It was also used in several Microsoft products (for example, in Microsoft Outlook 2007, Microsoft OneNote, Microsoft System Center Configuration Manager 2012) for protecting user configuration and user data.

The Triple DES algorithm performs three iterations of the ordinary DES algorithm. In its strongest version, it uses a secret key of 168 bits, which is divided into three 56-bit keys.

3DES Encryption

The encryption and decryption operations may be presented as mathematical equations.

Encryption: c = E3(D2(E1(m)))

Decryption: m = D1(E2(D3(c)))

3DES with shorter keys

Using the DES decryption operation in the second step of 3DES encryption provides backward compatibility with the original DES algorithm. In this case, the first and second secret keys, or the second and third secret keys, should be identical, and their value is not important.

c = E3(D1(E1(m))) = E3(m)

c = E3(D3(E1(m))) = E1(m)

It is also possible to use 3DES with a 112-bit secret key. In this case, the first and third secret keys should be identical. Such an approach is stronger than simple DES encryption used twice (with two separate 56-bit keys) because it provides better protection against meet-in-the-middle attacks.
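
The keying cases described above, as an added example that is not part of the original page: the encrypt-decrypt-encrypt composition built on a toy Feistel cipher standing in for DES (it is not DES and not secure), since only the E/D interface matters here. The names `tdea_encrypt`, `tdea_decrypt`, `keying` and the sample keys are assumptions made for this illustration.

```python
import hashlib

# Toy 64-bit Feistel cipher standing in for DES (NOT real DES, not secure).
# Only the E/D interface matters for showing the EDE composition.
def _feistel(block: bytes, key: bytes, rounds) -> bytes:
    left, right = block[:4], block[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left  # final swap: decryption is the same network, rounds reversed

def E(key: bytes, block: bytes) -> bytes:
    return _feistel(block, key, range(16))

def D(key: bytes, block: bytes) -> bytes:
    return _feistel(block, key, reversed(range(16)))

def tdea_encrypt(k1, k2, k3, m):
    return E(k3, D(k2, E(k1, m)))      # c = E3(D2(E1(m)))

def tdea_decrypt(k1, k2, k3, c):
    return D(k1, E(k2, D(k3, c)))      # m = D1(E2(D3(c)))

def keying(k1, k2, k3) -> str:
    """Classify a key bundle by the cases described in the text."""
    if k1 == k2 or k2 == k3:
        return "single"      # an adjacent E/D pair cancels: one plain encryption
    if k1 == k3:
        return "two-key"     # 112-bit key, first and third keys identical
    return "three-key"       # 168-bit key, three separate 56-bit keys

# Constructed sample values: 56-bit (7-byte) keys and one 64-bit block.
K1, K2, K3 = b"key-one", b"key-two", b"key-3rd"
M = b"8bytemsg"

if __name__ == "__main__":
    for bundle in [(K1, K2, K3), (K1, K2, K1), (K1, K1, K3), (K1, K3, K3)]:
        c = tdea_encrypt(*bundle, M)
        assert tdea_decrypt(*bundle, c) == M   # round trip holds in every case
        print(keying(*bundle), c.hex())
```

A key-loading routine can use a check like `keying` to refuse bundles that silently reduce to a single encryption when compatibility with plain DES is not wanted.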